Merge remote-tracking branch 'gum/master'

krebs/3modules/makefu/default.nix

@@ -4,6 +4,28 @@ with config.krebs.lib;
 
 {
   hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
+    drop = rec {
+        cores = 1;
+        nets = {
+            retiolum = {
+                ip4.addr = "10.243.177.9";
+                ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce";
+                aliases = [
+                    "drop.retiolum"
+                ];
+                tinc.pubkey = ''
+    -----BEGIN RSA PUBLIC KEY-----
+    MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
+    6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
+    GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
+    0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
+    Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
+    F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
+    -----END RSA PUBLIC KEY-----
+    '';
+            };
+        };
+    };
     pnp = {
       cores = 1;
       nets = {
@@ -338,6 +360,7 @@ with config.krebs.lib;
           ip6.addr = "42:f9f0::10";
           aliases = [
             "omo.retiolum"
+            "tracker.makefu.r"
             "omo.r"
           ];
           tinc.pubkey = ''

makefu/1systems/drop.nix

@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+let
+  external-ip = "45.55.145.62";
+  default-gw = "45.55.128.1";
+  prefixLength = 18;
+in {
+  imports = [
+      ../.
+      ../2configs/hw/CAC.nix
+      ../2configs/save-diskspace.nix
+      ../2configs/torrent.nix
+  ];
+  krebs = {
+    enable = true;
+    tinc.retiolum.enable = true;
+    build.host = config.krebs.hosts.drop;
+  };
+
+  boot.loader.grub.device = "/dev/vda";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
+  fileSystems."/" = {
+    device = "/dev/vda1";
+    fsType = "ext4";
+  };
+
+  networking = {
+    firewall = {
+      allowPing = true;
+      logRefusedConnections = false;
+      allowedTCPPorts = [ ];
+      allowedUDPPorts = [ 655 ];
+    };
+    interfaces.enp0s3.ip4 = [{
+      address = external-ip;
+      inherit prefixLength;
+    }];
+    defaultGateway = default-gw;
+    nameservers = [ "8.8.8.8" ];
+  };
+}

makefu/1systems/gum.nix

@@ -21,9 +21,9 @@ in {
       ../2configs/exim-retiolum.nix
       ../2configs/tinc/retiolum.nix
       ../2configs/urlwatch.nix
+      ../2configs/torrent.nix
 
   ];
-
   services.smartd.devices = [ { device = "/dev/sda";} ];
 
   ###### stable

makefu/1systems/shoney.nix

@@ -14,6 +14,7 @@ in {
     ../2configs/hw/CAC.nix
     ../2configs/fs/CAC-CentOS-7-64bit.nix
     ../2configs/tinc/retiolum.nix
+    ../2configs/torrent.nix
   ];
 
 

makefu/1systems/wry.nix

@@ -24,9 +24,10 @@ in {
       ../2configs/nginx/euer.test.nix
 
       # collectd
-      ../2configs/collectd/collectd-base.nix
+      # ../2configs/collectd/collectd-base.nix
 
       ../2configs/tinc/retiolum.nix
+      ../2configs/torrent.nix
   ];
 
   krebs.build.host = config.krebs.hosts.wry;
@@ -83,5 +84,5 @@ in {
     nameservers = [ "8.8.8.8" ];
   };
 
-  environment.systemPackages = [ ];
+  environment.systemPackages = [ pkgs.screen ];
 }

makefu/1systems/x.nix

@@ -32,6 +32,7 @@
       # hardware specifics are in here
       ../2configs/hw/tp-x220.nix
       ../2configs/hw/rtl8812au.nix
+      ../2configs/hw/bcm4352.nix
       # mount points
       ../2configs/fs/sda-crypto-root-home.nix
       # ../2configs/mediawiki.nix
@@ -41,10 +42,13 @@
       ../2configs/tinc/retiolum.nix
       # temporary modules
       ../2configs/temp/share-samba.nix
-      # ../2configs/temp/elkstack.nix
+      ../2configs/temp/elkstack.nix
       # ../2configs/temp/sabnzbd.nix
       ../2configs/tinc/siem.nix
+      ../2configs/torrent.nix
     ];
+  makefu.full-populate = true;
+  makefu.deluge.web.enable = true;
   krebs.nginx = {
     default404 = false;
     servers.default.listen = [ "80 default_server" ];
@@ -57,7 +61,7 @@
 
   # configure pulseAudio to provide a HDMI sink as well
   networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 80 24800 26061 ];
+  networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 ];
   networking.firewall.allowedUDPPorts = [ 665 26061 ];
 
   krebs.build.host = config.krebs.hosts.x;

makefu/2configs/default.nix

@@ -22,10 +22,17 @@ with config.krebs.lib;
     build = {
       user = config.krebs.users.makefu;
       source = let inherit (config.krebs.build) host user; in {
-        nixpkgs.git = {
-          url = https://github.com/nixos/nixpkgs;
-          ref = "125ffff"; # stable @ 2016-07-20
-        };
+        nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then
+          { # stable @ 2016-07-20
+            git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; };
+          }
+            else
+            # TODO use http, once it is implemented
+            # right now it is simply extracted revision folder
+
+            ## prepare so we do not have to wait for rsync:
+            ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff  -L | tar zx  && mv NixOS-nixpkgs-125ffff nixpkgs
+            { file = "/home/makefu/store/125ffff";};
         secrets.file =
           if getEnv "dummy_secrets" == "true"
             then toString <stockholm/makefu/6tests/data/secrets>

makefu/2configs/hw/bcm4352.nix

@@ -0,0 +1,6 @@
+{config, ...}:
+{
+  networking.enableB43Firmware = true;
+  boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+}
+

makefu/2configs/temp/8812au.nix

@@ -0,0 +1,6 @@
+{config, pkgs, ...}:
+{
+  #boot.extraModulePackages = [ pkgs.rtl8812au ];
+  boot.extraModulePackages = [config.boot.kernelPackages.rtl8812au ];
+  boot.kernelModules = [ "rtl8812au" ];
+}

makefu/2configs/temp/elkstack.nix

@@ -0,0 +1,5 @@
+_:
+{
+  services.elasticsearch.enable = true;
+  services.kibana.enable = true;
+}

makefu/2configs/temp/sabnzbd.nix

@@ -0,0 +1,5 @@
+{pkgs, ...}:
+{
+  services.sabnzbd.enable = true;
+  systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+}

makefu/2configs/torrent.nix

@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+  daemon-user = "tor";
+  daemon-pw = (import <torrent-secrets/daemon-pw>);
+  peer-port = 51412;
+  web-port = 8112;
+  daemon-port = 58846;
+  dl-dir = "/var/download";
+in {
+  # prepare secrets
+  krebs.build.source.torrent-secrets.file =
+    if getEnv "dummy_secrets" == "true"
+    then toString <stockholm/makefu/6tests/data/secrets>
+    else "/home/makefu/secrets/torrent";
+
+  users.users = {
+    download = {
+      name = "download";
+      home = dl-dir;
+      uid = genid "download";
+      createHome = true;
+      useDefaultShell = true;
+      group = "download";
+      openssh.authorizedKeys.keys = [ ];
+    };
+  };
+  # todo: race condition, do this after download user has been created
+  system.activationScripts."download-dir-chmod" = ''
+    for i in finished torrents; do
+      mkdir -p "${dl-dir}/$i"
+      chown download:download "${dl-dir}/$i"
+      chmod 770 "${dl-dir}/$i"
+    done
+  '';
+
+  users.extraGroups = {
+    download = {
+      gid = genid "download";
+      members = [
+        config.krebs.build.user.name
+        "download"
+        "deluge"
+      ];
+    };
+  };
+
+  makefu.deluge = {
+    enable = true;
+    auth = "${daemon-user}:${daemon-pw}:10";
+    # web.enable = true;
+    cfg = {
+      autoadd_enable = true;
+      download_location = dl-dir + "/finished";
+      torrentfiles_location = dl-dir + "/torrents"; copy_torrent_file = true;
+      lsd = true;
+      dht = true;
+      upnp = true;
+      natpmp = true;
+      add_paused = false;
+      allow_remote = true;
+      remove_seed_at_ratio = false;
+      move_completed = false;
+      daemon_port = daemon-port;
+      listen_ports = [ peer-port peer-port ];
+      outgoing_ports = [ peer-port peer-port ];
+      # performance tuning
+      cache_expiry = 3600;
+      stop_seed_at_ratio = true;
+    };
+  };
+
+  networking.firewall.extraCommands = ''
+    iptables -A INPUT -i retiolum -p tcp --dport ${toString daemon-port} -j ACCEPT
+  '';
+
+  networking.firewall.allowedTCPPorts = [ peer-port ];
+  networking.firewall.allowedUDPPorts = [ peer-port ];
+}

makefu/2configs/udpt.nix

@@ -0,0 +1,31 @@
+{pkgs, ...}:
+
+let
+  cfgfile = pkgs.writeText "udpt-config" ''
+    [db]
+    driver=sqlite3
+    param=:memory:
+
+    [tracker]
+    is_dynamic=yes
+    port=6969
+    threads=5
+    allow_remotes=yes
+    allow_iana_ips=no
+    announce_interval=1800
+    cleanup_interval=120
+
+    [apiserver]
+    enable=yes
+
+    [logging]
+    filename=-
+    level=warning
+  '';
+in {
+  makefu.udpt = {
+    enable = true;
+    inherit cfgfile;
+  };
+
+}

makefu/3modules/default.nix

@@ -2,11 +2,14 @@ _:
 
 {
   imports = [
+    ./populate.nix
     ./awesome-extra.nix
+    ./deluge.nix
     ./forward-journal.nix
     ./ps3netsrv.nix
     ./snapraid.nix
     ./taskserver.nix
+    ./udpt.nix
     ./umts.nix
   ];
 }

makefu/3modules/deluge.nix

@@ -0,0 +1,185 @@
+{ config, lib, pkgs, ... }:
+# based on <nixpkgs>/nixos/modules/services/torrent/deluge.nix
+with config.krebs.lib;
+
+let
+  cfg_daemon = config.makefu.deluge;
+  homedir = cfg_daemon.homedir;
+  delugedir = "${homedir}/.config/deluge";
+  cfg_web = config.makefu.deluge.web;
+  core_conf = pkgs.writeText "deluge-core-cfg" ''
+    {
+      "file": 1,
+      "format": 1
+    }${builtins.toJSON (default_core_cfg // cfg_daemon.cfg)}
+  '';
+
+  default_core_cfg = {
+    # ports and networking
+    daemon_port = 58846; allow_remote = false;
+    listen_ports = [ 0 0 ]; # from -> to, 0 -> random
+    outgoing_ports = [ 0 0 ];
+    random_port = true;
+    random_outgoing_ports = true;
+    listen_interface = "";
+    # folders
+    move_completed_path = homedir +"/complete"; move_completed = false;
+    autoadd_location = homedir + "/watch"; autoadd_enable = true;
+    download_location = homedir + "/data";
+    torrentfiles_location = homedir + "/torrents"; copy_torrent_file = false; del_copy_torrent_file = false;
+    plugins_location = homedir + "/.config/deluge/plugins"; enabled_plugins = [];
+    geoip_db_location = pkgs.geolite-legacy + "/share/GeoIP/GeoIP.dat";
+    queue_new_to_top = false;
+    info_sent = 0;
+    send_info = false;
+    compact_allocation = false;
+    # peer discovery, extras
+    lsd = true;
+    natpmp = true;
+    utpex = false;
+    dht = false;
+    upnp = true;
+    peer_tos = "0x08";
+    # active torrents
+    dont_count_slow_torrents = false;
+    max_active_limit = -1;
+    max_active_downloading = -1;
+    max_active_seeding = -1;
+    max_upload_slots_global = -1;
+    # seeding
+    share_ratio_limit = -1;
+    seed_time_ratio_limit = -1;
+    seed_time_limit = 180;
+    stop_seed_at_ratio = false;
+    remove_seed_at_ratio = false;
+    stop_seed_ratio = 2;
+    # speed and connections
+    rate_limit_ip_overhead = true;
+    ignore_limits_on_local_network = true;
+    max_download_speed = -1;
+    max_upload_speed = -1;
+    max_upload_speed_per_torrent = -1;
+    max_download_speed_per_torrent = -1;
+    max_half_open_connections = -1;
+    max_connections_global = -1;
+    max_connections_per_second = -1;
+    max_connections_per_torrent = -1;
+    max_upload_slots_per_torrent = -1;
+    enc_in_policy = 1;
+    enc_prefer_rc4 = true;
+    enc_level = 2;
+    enc_out_policy = 1;
+    cache_size = 8192;
+    cache_expiry = 60;
+    prioritize_first_last_pieces = false;
+    auto_managed = true;
+    proxies = {
+      peer = {
+        username = "";
+        password = "";
+        hostname = "";
+        type = 0;
+        port = 8080;
+      };
+      web_seed = {
+        username = "";
+        password = "";
+        hostname = "";
+        type = 0;
+        port = 8080;
+      };
+      tracker = {
+        username = "";
+        password = "";
+        hostname = "";
+        type = 0;
+        port = 8080;
+      };
+      dht = {
+        username = "";
+        password = "";
+        hostname = "";
+        type = 0;
+        port = 8080;
+      };
+    };
+    add_paused = false;
+    new_release_check = false;
+  };
+
+  api = {
+      enable = mkEnableOption "deluge daemon";
+
+      cfg = mkOption {
+        default = default_core_cfg;
+        type = types.attrsOf types.unspecified;
+        description = ''
+          for full configuration see defaults
+        '';
+        example = {
+          "daemon_port"= 58846;
+          "download_location"= "/var/download";
+        };
+      };
+
+      auth = mkOption {
+        default = [];
+        example = ["alice:MyC0mpL3xPass:10"];
+        type = types.lines;
+      };
+
+      homedir = mkOption {
+        default = "/var/lib/deluge";
+        description = "Home directory of deluge user";
+        type = types.str;
+      };
+
+      web = {
+        enable = mkEnableOption "deluge web";
+      };
+    };
+  imp = {
+
+    systemd.services.deluged = {
+      after = [ "network.target" ];
+      description = "Deluge BitTorrent Daemon";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart = "${pkgs.pythonPackages.deluge}/bin/deluged -d";
+        ExecStartPre =  let
+        in  pkgs.writeDash "deluged-init" ''
+          mkdir -p ${delugedir}
+          echo ${shell.escape cfg_daemon.auth} > ${delugedir}/auth
+          cp -f ${core_conf} ${delugedir}/core.conf
+        '';
+        Restart = "on-success";
+        User = "deluge";
+        Group = "deluge";
+      };
+    };
+
+    systemd.services.delugeweb = mkIf cfg_web.enable {
+      after = [ "network.target" ];
+      description = "Deluge BitTorrent WebUI";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.ExecStart = "${pkgs.pythonPackages.deluge}/bin/deluge --ui web";
+      serviceConfig.User = "deluge";
+      serviceConfig.Group = "deluge";
+    };
+
+    environment.systemPackages = [ pkgs.pythonPackages.deluge ];
+
+    users.extraUsers.deluge = {
+      group = "deluge";
+      uid = config.ids.uids.deluge;
+      home = cfg_daemon.homedir;
+      createHome = true;
+      description = "Deluge Daemon user";
+    };
+
+    users.extraGroups.deluge.gid = config.ids.gids.deluge;
+  };
+in {
+  options.makefu.deluge = api;
+  config = lib.mkIf cfg_daemon.enable imp;
+}

makefu/3modules/populate.nix

@@ -0,0 +1,5 @@
+{config, lib, pkgs, ... }:
+
+{
+  options.makefu.full-populate = lib.mkEnableOption "always do a full clone of nixpkgs";
+}

makefu/3modules/udpt.nix

@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+  cfg = config.makefu.udpt;
+
+  out = {
+    options.makefu.udpt = api;
+    config = lib.mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "udpt";
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.udpt;
+    };
+
+    cfgfile = mkOption {
+      type = types.path;
+      default = "${cfg.package}/etc/udpt.conf";
+    };
+
+    user = mkOption {
+      description = ''
+        user which will run udpt. if kept default a new user will be created
+      '';
+      type = types.str;
+      default = "udpt";
+    };
+
+  };
+
+  imp = {
+    systemd.services.udpt = {
+      description = "udpt server";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      restartIfChanged = true;
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${cfg.package}/bin/udpt -c ${shell.escape cfg.cfgfile}";
+        PrivateTmp = true;
+        User = "${cfg.user}";
+      };
+    };
+    users = lib.mkIf (cfg.user == "udpt") {
+      users.udpt = {
+        uid = genid "udpt";
+      };
+      groups.udpt.gid = genid "udpt";
+    };
+  };
+in
+out
+

makefu/5pkgs/default.nix

@@ -21,6 +21,7 @@ in
     tw-upload-plugin = callPackage ./tw-upload-plugin {};
     skytraq-logger = callPackage ./skytraq-logger {};
     taskserver = callPackage ./taskserver {};
+    udpt = callPackage ./udpt {};
     wol = callPackage ./wol {};
   };
 }

makefu/5pkgs/udpt/default.nix

@@ -0,0 +1,29 @@
+{ stdenv, boost, sqlite, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+  proj = "udpt";
+  name = "udpt-${rev}";
+  rev = "0790558";
+
+  enableParallelBuilding = true;
+
+  src = fetchFromGitHub {
+    owner = "naim94a";
+    repo = "udpt";
+    inherit rev;
+    sha256 = "0rgkjwvnqwbnqy7pm3dk176d3plb5lypaf12533yr0yfzcp6gnzk";
+  };
+  buildInputs = [ boost sqlite ];
+  installPhase = ''
+    mkdir -p $out/bin $out/etc/
+    cp udpt $out/bin
+    cp udpt.conf $out/etc/
+  '';
+  meta = {
+    description = "udp tracker";
+    homepage = https://github.com/naim94a/udpt;
+    license = stdenv.lib.licenses.gpl3;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ makefu ];
+  };
+}

makefu/6tests/data/secrets/daemon-pw

@@ -0,0 +1 @@
+""